21 February 2011

Night Dragon Hack-Attacks Connected to Industrial Accidents?

We hear about industrial accidents and explosions all the time. Here is a recent example from Turkey:
At least seven people were killed and 34 injured Thursday in an apparent accidental explosion at a factory in Turkey's capital Ankara, media reports said.

The death toll was likely to rise because several people were still believed to be buried under the rubble left by the explosion....The powerful explosion is believed to have been caused by a worker's mishandling of oxygen tanks at the factory, which employed at least 80 people in manufacturing hydraulic machinery. _MAC
But such accidents begin to take on new possible meanings as knowledge about the Chinese "Night Dragon" intrusions and the Stuxnet worm become more widely known. The Stuxnet worm took control of target machines in Iranian uranium enrichment facilities, causing them to behave erratically and destroy themselves. The Chinese Night Dragon attacks and intrusions are likewise capable of taking control of target machines:
...a [Chinese] company that, according to the company’s advertisements, provides “Hosted Servers in the U.S. with no records kept” for as little as 68 RMB (US$10) per year for 100 MB of space. The company’s U.S.-based leased servers have been used to host the zwShell C&C application that controlled machines across the victim companies.

...McAfee has determined that all of the identified data exfiltration activity occurred from Beijing-based IP addresses and operated inside the victim companies weekdays from 9:00 a.m. to 5:00 p.m. Beijing time, which also suggests that the involved individuals were “company men” working on a regular job, rather than freelance or unprofessional hackers. In addition, the attackers employed hacking tools of Chinese origin and that are prevalent on Chinese underground hacking forums. These included Hookmsgina and WinlogonHack, tools that intercept Windows logon requests and hijack usernames and passwords. _Forbes
The targets of Night Dragon included oil & gas companies which operate refineries -- refineries that are subject to exploding if their controls malfunction. The same is true for many chemical plants, and other types of industrial plants. Machinery at most modern factories is networked, to allow for highly automated operation. Anyone who can hack into the network and take control of the machines can also take control of the destiny of that plant.

Industrial work is already extremely hazardous, as jobs go. But in the highly-networked age, where sensitive machinery is controlled remotely via the net, there is one more hazard to worry about.

As Obama and his allies press for a highly networked "smart grid" which is meant to grow more reliant on inherently unreliable wind power, the hazards for society at large only grow larger.

Labels: , , ,

Bookmark and Share


Post a Comment

“During times of universal deceit, telling the truth becomes a revolutionary act” _George Orwell

<< Home

Newer Posts Older Posts